Ok, so here is the deal. I'm trying to make a login system that is more secure (and make it better in general), but I am having a bit of trouble. I realize some of my problems but I cannot think of another way to fix them. So here is my code.

Firstly, you are allowing anyone to register an account - if that is the case, why have a user account at all? Account verification should be a two-stage process, if true secure account creation and login is required.

Secondly, you are hard-coding variables into your SQL code - this is the easiest way to allow hackers to use SQL injection... huge no-no!!!

If you want a secure login, use SSL and spend some cash on a secure certificate (Verisign or Thawte are the two largest companies) - all transactions will then be encrypted.

Then use stored procedures at the database level - you pass into the stored procedure the parameters you need (in this case the username and password). And make sure the encryption of the password is done at the database level, within the stored procedure - both for creating the user account and for verifying the user details.
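The difference between pasting variables into the SQL text and passing them as parameters, as an added example that is not code from the original thread. It assumes Python's `sqlite3`, which has no stored procedures, so bound `?` parameters stand in for procedure parameters and the password is hashed in the application with PBKDF2; the table, function names and sample inputs are constructed for illustration.

```python
import hashlib, hmac, os, sqlite3

def hash_pw(password, salt):
    # Salted, slow hash; only the salt and the hash are ever stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    return db

def register(db, username, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (username, salt, hash_pw(password, salt)))

def find_user_concat(db, username):
    # "Before": the value is pasted into the SQL text, so a quote
    # character inside it is parsed as SQL instead of as data.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(sql)]

def find_user_bound(db, username):
    # "After": the statement is fixed; the value is bound separately
    # and can never change the structure of the query.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in db.execute(sql, (username,))]

def login(db, username, password):
    row = db.execute("SELECT salt, pwhash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_pw(password, salt))

if __name__ == "__main__":
    db = make_db()
    register(db, "alice", "correct horse")
    register(db, "o'neil", "battery staple")
    probe = "nobody' OR '1'='1"  # constructed input containing quotes
    print("concatenated:", find_user_concat(db, probe))  # matches every row
    print("bound:       ", find_user_bound(db, probe))   # matches nothing
    print("login o'neil:", login(db, "o'neil", "battery staple"))
```

With bound parameters a legitimate name such as `o'neil` also works, whereas the concatenated query fails on it with a syntax error.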